Feed Your Virus Worries to a Clam - Page 2

By Carla Schroder | Posted Sep 1, 2004

Continued From Page 1

Now open /etc/clamav/clamav.conf and /etc/amavis/amavisd.conf, and make sure that amavisd.conf references the "Local Socket" file named in clamav.conf:

## /etc/clamav/clamav.conf 
LocalSocket /var/run/clamav/clamd.ctl

## /etc/amavis/amavisd.conf
### http://www.clamav.net/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
....

Now you must change the ownership of all directories that ClamAV uses to the "amavis" user. It won't work otherwise. If an amavis user and group were not created by the installer, create them now. In most installations, ClamAV creates these directories:

LogFile /var/log/clamav/clamav.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/

Change ownership like this:

# chown -R amavis:amavis /var/log/clamav/

Be careful! Change only directories that belong exclusively to ClamAV; don't do this with any shared directories. Now open /etc/clamav/freshclam.conf, and do the same with any other directories you find listed there.

Next, locate any files belonging to ClamAV in /etc/logrotate.d/:

/etc/logrotate.d/clamav-daemon
/etc/logrotate.d/clamav-freshclam

The filenames may vary a bit, depending on your Linux distribution. Inside the files, find this line:

create 640 clamav adm

Change it to:

create 640 clamav amavis

Save your changes, and restart both clamd and freshclam. On Debian:

# /etc/init.d/clamav-daemon reload
# /etc/init.d/clamav-freshclam reload

On Red Hat/Fedora:

# /etc/init.d/clamd reload
# /etc/init.d/freshclam reload

And you're done. Now you can start sending test messages and watching your logs.
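
Before sending test messages, it helps to confirm the two things this setup depends on: that amavisd.conf names the same socket as LocalSocket in clamav.conf, and that the ClamAV directories are owned by amavis. The shell functions below are an added example, not part of the original article; the function names are made up here, and the default paths and owner are the ones the article uses.

```shell
#!/bin/sh
# Added example (not from the article): verify the clamd/amavisd wiring.
# Paths and the owner are arguments; the article's values are the defaults.

# conf_value DIRECTIVE FILE: print the first value of a clamav.conf directive.
conf_value() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# socket_matches CLAMAV_CONF AMAVISD_CONF: succeed if amavisd.conf names the
# same socket path as clamav.conf's LocalSocket.
socket_matches() {
    sock=$(conf_value LocalSocket "$1")
    [ -n "$sock" ] || { echo "no LocalSocket in $1" >&2; return 2; }
    # Drop commented-out lines, then look for the path as a quoted string.
    grep -v '^[[:space:]]*#' "$2" | grep -F -q -e "\"$sock\"" -e "'$sock'"
}

# wrong_owner CLAMAV_CONF OWNER: list everything under the LogFile, PidFile and
# DatabaseDirectory locations that is not owned by OWNER (name or numeric uid).
wrong_owner() {
    for key in LogFile PidFile DatabaseDirectory; do
        path=$(conf_value "$key" "$1")
        [ -n "$path" ] || continue
        # LogFile and PidFile name files; check the directory holding them.
        [ "$key" = DatabaseDirectory ] || path=$(dirname "$path")
        if [ -d "$path" ]; then
            find "$path" ! -user "$2" -print
        else
            echo "$path (missing)"
        fi
    done
}

# check_setup [CLAMAV_CONF] [AMAVISD_CONF] [OWNER]: run both checks, report problems.
check_setup() {
    clam=${1:-/etc/clamav/clamav.conf}
    amavis=${2:-/etc/amavis/amavisd.conf}
    owner=${3:-amavis}
    rc=0
    socket_matches "$clam" "$amavis" || { echo "$amavis does not name LocalSocket from $clam"; rc=1; }
    bad=$(wrong_owner "$clam" "$owner")
    [ -z "$bad" ] || { echo "not owned by $owner:"; echo "$bad"; rc=1; }
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then shift; check_setup "$@"; fi
```

Invoke the file with the argument run to check the article's default paths, or follow it with other config paths and an owner for a different layout.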

You'll save yourself a lot of work if you install from packages, rather than sources. If you must install from sources, read all the documentation. You'll have to manually create all kinds of users and directories and init scripts.

The two ClamAV components of greatest interest are clamd, the scanning daemon, and freshclam, which automatically fetches virus definition updates. These are configured in /etc/clamav/clamav.conf and /etc/clamav/freshclam.conf. The defaults should be fine; there really isn't much to tweak, except that you should find a different update mirror for freshclam.conf at http://www.clamav.net/mirrors.html. Be kind -- don't use the default mirror.

Next Week

Next week, in Part 3, we'll go more in-depth into the role Postfix plays in all this, and look at how to test and monitor your nice new anti-spam, anti-virus gateway for effectiveness.
